LSAIT/Sites OS X Lab meeting
15 Mar 2004



ManyHooks: now available via CVS at rsug.itd.umich.edu:
    (Jan and Dave met wtih Wes, Andrew and Patrick last week, and determined that it would be beneficial to use their OS X hooks.  It works like Manyhooks.)
    * setenv CVSROOT :pserver:anonynmous@rsug.itd.umich.edu:/usr/local/src/cvsroot
    * cvs login (pw: RSUG)
    * cvs co hooks
    * sudo make package
    * Package is called MacOSXHooks.pkg
    
OpenFirmware Lock
    nvram tool for setting openfirmware lock, or commandline tool
    nvram -p to list environment variables
    can pass text encoded hash to nvram (hex-hash the pwd)
    depermit the nvram tool
    security-mode: (none, command, full)
    security-password: (hex-encoded)
    Scriptable, but the hex pwd can be hacked
    
Logout Button:
    (Jan discussed this with Sites already, too)
    <<aevtlogo>>: Prompt user to logout
    <<aevtrlgo>>: No prompt
    

Logout timeout/screensaver:
    Applications can cancel logout
    killing loginwindow bypasses logout hooks
    
Loadset types:
http://www.lsa.umich.edu/lsait/AdminTools/osx/minutes/lab-meeting-2004-03-01.doc

User space management:
   (Andrew has a script already written)
    Home directory lifetime (2 hours after logout in Sites, and runs Night crons to keep 2 hour limit)
    If 75% of the disk space, it will delete the oldest homedirectory)
    consideration:  balancing between user convenience and administrative burden
                    
Managed Prinintg:
    There are 2 ways to manage printing:
        1) Current we use a de-permitted Print Center (chmod 770) 
        (just on the binary)
        2) Modify /etc/cups/cupsd.conf
            a) however, if queue stops, it cannot be restarted by non-admin user
            b) localhost:631
        3) Setting default printer:   /etc/cups/printers.conf
        4) charge-for and non-charge-for printing
        5) Printing Configuration (manual feed, transparency, PPD)
        6) Postscript Considerations
            sample script for setting default print queue:
                #! /bin/sh
                # Set the printer to front desk 
                
                /bin/cp /private/etc/cups/printers.conf.LRC_Front_Desk /private/etc/cups/printers.conf
                /bin/rm -rf /private/etc/cups/ppd/*
                /bin/cp /private/etc/cups/ppd.disabled/LRC_Front_Desk_on_lrc_prmc2_lrc_lsa_umich_edu.ppd /private/etc/cups/ppd/
                
                /usr/bin/killall -9 cupsd
                /usr/sbin/cupsd
                
                exit 0

    Printers on VLAN to prevent Rendezvous discovery.
    LIUD for user verification. Access control list determines allowed hosts.
    Generally, pick up latest bits from Sites machines
    
MGRID: 
    -distributed computer jobs
    -would we want to join?
    -computer use is only during off-peok cycles
    condor (installer package available) from U of Wisconsin
        will not restart a job if it is interrupted
    PBS
    AFS for Databases
       Example of performance:  17 hours (Solaris), 9 hours (Lunux), 5 hours (G5)
    
Radmind:
    Changes since WWDC 2002: many many.
    Loadset considerations: customizable, scalable; personal, lab, etc.
    
Backups: (no current plan to do workstation backups)
    
KeyServer:
    K2
    
Bootable CD:
    Darwin boot script
    Copy of Mac OS X Installer CD